Last updated: September 2021
In our privacy policy (“policy”) we explain how we process your personal data, incl. what we use it for and how we store and protect it. We do that because we care about your privacy. ‍
‍

1. Who are we

We are the company responsible for the processing of your personal data (“your data”) in accordance with this policy. Here’s our information:

Contractbook ApS
22, st. Masnedøgade, Copenhagen Ø, 2100, Denmark
Company registration number: 36890649
Email: support@contractbook.dk
Telephone number: +45 25943033

To make the policy more user friendly we use “we”, “us”, “our” etc. to describe our company. When we talk about our “website” we mean https://www.contractbook.com and the other sites and apps we own and operate. When we refer to the “platform”, we mean our product “Contractbook”. When we refer to “you” we mean you as a user of our website, app or customer of our online services or products.  

2. Links to other websites etc.

On our website, in our emails and on our social-media profiles, we may have links to other companies, apps or websites (“other websites”) that aren’t ours. This policy doesn’t cover how those other websites process your data and we therefore encourage you to read the privacy notices on the other websites you visit.

3. Why, what and for long we process your data

To give you a better understanding of why, what and for how long we process your data, we’ve divided our processing activities into areas describing the different purposes we process your data for.

Deliver our services & products.

We process your data to deliver our services and products to you. This includes giving you access to your Contractbook account, sending you notifications, registering and identifying you as a customer and or user, setting up your account, logging and saving the actions you take when you use our website and product, responding to your questions and providing you with customer service and support, e.g. sending service related messages to you and other services that can be ordered through the website.

The data we process about you in that regard is listed here. The data is collected directly from you and from user collaboration and invitations to the platform:

• Your contact details, incl. your name, email, title, National ID number (voluntary), telephone number, address and country,
• Information about the company you work for, your role and access rights in relation to your Contractbook account,
• When you are invited to participate, collaborate in regards to templates and documents, and/or sign a contract,  
• Purchase history, interest areas and use of our product and services,
• Your requests and actions, e.g. sign-up and use of our website, when you accepted our terms & conditions, when you signed up, login details and verification, when you contact us for support etc. If you email us, we will collect the content of your message.
• Information about what choices you made when you became a user and set up your account and the information and documents you add to your account,
• Other types of interactions you will have with us and our service, e.g user interviews, tests, customer feedback, product, website and service usage etc.
  

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• To perform our contract with you (GDPR Article 6.1.b),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. the Danish Bookkeeping Act,
• To pursue legitimate business interests of our own business related to operating our website and providing our services to you as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f),
• For the establishment, exercise or defense of legal claims, where necessary (GDPR Article 9.2.f)
  

We will keep these data for as long as they are necessary for the purposes for which they are being processed. As a general rule, we’ll keep the data for as long as you use our product or services with us plus 5 years following the conclusion of your request and/or account creation. If you are employed by one of our customers, we will keep your data as long as we have a business relationship with that customer.

Special circumstances or legal requirements, e.g. related to contract signature and negotiations etc. may entail that such periods may be shorter or longer, including for the purpose of complying with legal requirements for the erasure or keeping of data.

Marketing:

We process your data for marketing-related purposes, including sending you newsletters, providing you with offers, invitations to events and webinars, tailoring our communication with you to accommodate your areas of interests and focus and sending you relevant service promotion.

The data we process about you is collected directly from you and here’s an overview:

• Your contact details, incl. your name, email, title, telephone number, address and country
• What newsletters you signed up for, when you asked to receive email marketing and guides.
• The events, webinars, courses and other types of arrangements that you sign up for and participate in,

• Purchase history, interest areas and use of our digital services,
  

Here is the legal basis for our processing of your data. We collect your personal data directly from you and online sources, e.g. social media like Linkedin:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c) according to the GDPR, ePrivacy and applicable marketing laws,
• To pursue legitimate business interests of our own business related to operating our website and providing our services to you as long as your interests and fundamental rights do not override those interests (GDPR Article 6.1.f),
• Article 9.2.f (necessary for the establishment, exercise or defence of legal claims).
  

We keep your data for as long as you are subscribing to our newsletters, email marketing etc. If you ask us to unsubscribe you, we will keep your data for two years after your request so we can show that we have honored your request and to make sure that you aren’t receiving the material.

If we have collected publicly accessible information about you for the purpose of being able to carry out marketing activities, we will keep such data for as long as the relevant activity is ongoing and for two years after that.

Regarding events, seminars, courses etc. we’ll keep your personal data as long as they are necessary for the purposes of the course, the event or seminar in question and for evaluating them.

Improve, optimize or modify the experience on our website and online service:

We process your data collected by your use of our website and online services and products to improve the user experience on our website and the services we offer and to compile statistics for the use of our website. We use the data to operate our services, enhance and protect the security and ensure their secure, reliable, and robust performance, to improve the content we show you, determine what content is most helpful and the usability of our website, apps and online services.

The data we process about you in that regard is:

• When you visit our website or apps, our servers may automatically log the standard data provided by your web browser. It includes your computer’s Internet Protocol (IP) address, your browser type and version, your user agent, the pages you visit, the time and date of your visit, the time spent on each page, and other details.
• Cookie information: We use cookies and similar technologies to collect additional website usage data and to operate our services.
• We receive information when you interact with our services, e.g. when you visit our websites, when you sign into your account, or when you interact with email subscriptions. This includes information such as your IP address, browser type, browser language, operating system, the referring web page, pages visited, location, device information, and cookie information
• We don’t process sensitive data.
  

We collect your data from you, from your use of cookies and our website and products and from User collaboration and invitation to the platform.

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Comply with our legal obligations (GDPR Article 6.1.c), incl. ePrivacy directive,
• Article 6.1.f (necessary for the pursuit of legitimate purposes of us) to be able to give you the best experience when interacting with us and / or make use of our services we can use personal data to improve our services to you,
• Article 9.2.f (necessary for the establishment, exercise or defence of legal claims).
  

If you would like to know more about the cookies we use and for how long we keep this data, read our cookie policy here.

Business- and product development:

We process your data to do data analysis, audits, developing new products and services, identifying usage trends, determining the effectiveness of our campaigns and operating and expanding our business activities. The data we process about you in that regard is:

• Your contact details, incl. your name, email, title, telephone number, address and country,
• How you are using our products and services,
• Purchase history, interest areas and use of our services,
• We don’t process sensitive data.
  

Here is the legal basis for our processing of your data:

• Your consent (GDPR Article 6.1.a),
• Article 6.1.f (necessary for the pursuit of legitimate purposes of us) to be able to give you the best experience when interacting with us and / or make use of our services and products.
  

We collect your data directly from you and from user collaboration and invitation to the platform and we’ll retain the data processed for this purpose in accordance with our data retention policy.

Comply with obligations

Your data is processed to comply with legal obligations and requirements, requests from public and governmental authorities, relevant industry standards and our internal policies, and protect our operations and our rights.  

Here is the data we process

• Your contact details such as name, email, title and telephone/mobile number
• The company you work for, incl. their domain, address and country
• Information required to comply with public and governmental authorities
  

The data retention period will be based on statutory requirements.

4. Additional information

Some of the grounds for processing your data may overlap, so there may be several reasons which justify us processing your data. We may also use your data in other ways but we will inform you about these purposes when we collect your data.

If you would like more information about our legal basis for processing your data, feel free to contact us.

Please note that special circumstances or legal requirements may mean that such periods may be shorter or longer, depending on the purpose of complying with legal requirements for the erasure or keeping of information.

5. Keeping your data safe

We use reasonable organisational, technical and administrative measures to protect your data within our company. The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

Your security is important to us. We want to make sure that our customers have all the information needed to show that you are compliant with GDPR when using our services. We have therefore made a lot of effort to make all needed documents available on our website. You can find our security documentation here:

Link‍

6. Processors

We use companies (processors) to help us deliver our services to you, e.g. to provide the hosting environment for our product, send out newsletters, to help us run our website etc. When we use a processor we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and we’ll of course make sure that there is a legal agreement in place allowing us to give them access to the data.

Here you can see which processors we are using. They are processing data on our behalf:

• AppSignal
• AskNicely
• ChartMogul
• CloudAMQP
• Cloudflare
• Criipto
• E-conomic
• GetProspect.io
• GSuite
• Heroku
• Hotjar
• Hubspot
• Intercom
• Jiminny
• Justcall.io
• Likvido
• Mailchimp
• Metabase
• Neverbounce
• Overloop.com
• Pendo
• Relatel
• Sentry
• Slack
• Stitch
• Stripe
• Superhuman
• Weld
• Zapier
• Zendesk
  

Read our cookie policy regarding the suppliers we use for those services.

In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, your information may be transferred as part of that transaction.

7. Your rights

You have the following rights:

• Your right of access, rectification: You have the right to ask us for copies of your personal data, ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.
• Your right to erasure: You can ask us to erase your personal information in certain circumstances.
• Your right to withdraw your consent: If processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent. You may withdraw your consent by support@contractbook.dk
• Your right to restriction of processing and object to processing - You have the right to ask us to restrict the processing of your information and a similar right to object to processing.
• Your right to data portability: You have the right to receive your personal information in a structured, commonly used and machine-readable format (data portability).
• Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data about you for such marketing.
  

There may be conditions or limitations on these rights. It is therefore not certain e.g. you have the right of data portability in a specific case - this depends on the specific circumstances of the processing activity. You are always welcome to contact us and ask. The same goes for some of the other rights.

The law gives us one month to respond to you, but we’ll try to respond sooner.

a. Complaints

You can always lodge a complaint with a data protection authority, for example the Information the Danish Data Protection Agency.

b. Assistance and additional information

You can take steps to exercise your rights by using this email: support@contractbook.dk

If you have questions about the policy, feel free to contact us by using the contact details in this policy.

8. How to unsubscribe to email marketing material?

If you have subscribed to our newsletters or asked to receive marketing material from us, you can always unsubscribe. In all these emails we include an unsubscribe link and you always click the link and easily unsubscribe.

You can also unsubscribe by sending us an email to support@contractbook.dk

9. Children and Our Services

Our services and website are not directed to children, and you may not use our services if you are under the age of 18. You must also be old enough to consent to the processing of your information in your country.

10. Changes to this policy

Sometimes we need to make changes to this policy to reflect our current practices. We will take reasonable steps to let you know about changes via our website.

If you are a registered user, we will notify you via email if significant changes are being made to the policy using the email address you gave us when you signed up. If you continue to use our website or services after the notification, we will regard this as your acceptance of our privacy practices.

The policy was last updated on 12 July 2021 and effective from 1 September 2021.